SUSE-SU-2023:2907-1 -- SLES poppler, libpoppler-glib8, libpoppler60, libpoppler-qt4-4
ID: oval:org.secpod.oval:def:89049132 | Date: (C)2023-08-30 (M)2023-12-20 |
Class: PATCH | Family: unix |
This update for poppler fixes the following issues:

* CVE-2022-27337: Fixed a logic error in the Hints::Hints function which can cause denial of service.
* CVE-2018-21009: Fixed integer overflow in Parser:makeStream in Parser.cc.
* CVE-2019-12293: Fixed heap-based buffer over-read in JPXStream:init in JPEG2000Stream.cc.
* CVE-2018-20481: Fixed memory leak in GfxColorSpace:setDisplayProfile in GfxState.cc.
* CVE-2019-7310: Fixed a heap-based buffer over-read that allows remote attackers to cause DoS via a specially crafted PDF.
* CVE-2018-13988: Fixed buffer overflow in pdfunite.
* CVE-2018-16646: Fixed infinite recursion in poppler/Parser.cc:Parser::getObj function.
* CVE-2018-19058: Fixed reachable abort in Object.h leading to denial of service.
* CVE-2018-19059: Fixed out-of-bounds read in EmbFile:save2 in FileSpec.cc leading to denial of service.
* CVE-2018-19060: Fixed NULL pointer dereference in goo/GooString.h leading to denial of service.
* CVE-2018-19149: Fixed NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
* CVE-2017-18267: Fixed denial of service via a crafted PDF file.
* CVE-2018-20650: Fixed issue where a reachable Object in dictLookup assertion allows attackers to cause DoS.
Platform: |
SUSE Linux Enterprise Server 12 SP5 |
Product: |
poppler |
libpoppler-glib8 |
libpoppler60 |
libpoppler-qt4-4 |